WHAT IS CLAIMED IS: 



1. A rights management architecture for securely delivering content to authorized consumers, the architecture comprising:

a content provider;

a consumer system for requesting content from the content provider;

the content provider generating a session rights object for accessing the content;

a KDC (key distribution center) for providing authorization data to the consumer system, the authorization data for accessing the content;

a caching server for comparing information in the session rights object with the authorization data; and

the caching server forwarding the requested content to the consumer system if the information matches the authorization data.



2. The architecture of claim 1 wherein

the consumer system is redirected to the caching server to receive the requested content.

3. The architecture of claim 1 wherein the caching server and the content provider are combined into a single system identified.

4. The architecture of claim 1 wherein

the caching server employs real time streaming for securely forwarding the encrypted content.

5. The architecture of claim 1 wherein

the requested content is encrypted for forwarding to the consumer system.

6. The architecture of claim 4 wherein

the caching server and the consumer system exchange control messages for supporting transfer of the requested content.

7. The architecture of claim 6 wherein the control messages are encrypted and authenticated.

8. The architecture of claim 5 wherein

the caching server comprises one or more cache disks for storing encrypted content.

9. The architecture of claim 5 wherein

the KDC distributes cryptographic keys, the KDC employing a blend of symmetric and public algorithms for distributing the cryptographic keys.

10. The architecture of claim 5 further comprising

a key management protocol for establishing keys between the caching server and the consumer system.

11. The architecture of claim 10 wherein the key management protocol comprises

a key request message for requesting a session key from the caching server and

responsive thereof, a key reply message for providing the session key to the consumer system.

12. The architecture of claim 11 wherein

the session rights object and the authorization data are included in the key request message;

wherein the caching server compares information in the session rights object to the authorization data; and

if the information matches the authorization data, the session key being provided to the consumer system.

13. The architecture of claim 12 wherein

the content provider generates the session rights object specifying the user's access privileges for the content.

14. A rights management method for securely delivering content upon request from a caching server, the method comprising:

providing a content provider communicably coupled to the caching server;

providing a key management protocol comprising the steps of,

forwarding a ticket challenge message from the caching server to the content provider, the challenge message for initiating key management;

responsive thereof, sending a key request message from the content provider to the caching server;

responsive thereof, sending a key reply message from the caching server to the content provider;

responsive thereof, sending a security established message from the content provider to the caching server; and

establishing a set of keys for securely delivering content from the content provider to the caching server.

15. The method of claim 14 further comprising

providing a consumer system for streaming content from the caching server.

16. The method of claim 14 further comprising

providing a key distribution center for establishing trust between the caching server and the content provider.

17. A rights management method for securely pre-positioning content at a caching server, the method comprising:

providing a content provider communicably coupled to the caching server;

providing a key management protocol comprising the steps of,

forwarding a key request message from the content provider to the caching server, the key request message for initiating key management;

responsive thereof, sending a key reply message from the caching server to the content provider; and

establishing a set of keys for securely delivering content from the content provider to the caching server.

18. The method of claim 17 further comprising

providing a consumer system for streaming content from the caching server.

19. The method of claim 17 further comprising

providing a key distribution center for establishing trust between the caching server and the content provider.

20. An authentication system allowing an authorized user to stream content from a caching server within a computing network, the system comprising:

a content provider for providing the content to the caching server for access by the user;

a key distribution center receiving from the content provider, a first request to access the caching server, and if authenticated the content provider delivers the content to the caching server; and

the key distribution center receiving from the user, a second request to access the caching server, and if authenticated the user is allowed to stream the content from the caching server.

21. The authentication system of claim 20 wherein the second request is for a caching server ticket to access the caching server.

22. A protocol for securing data transfer between components of a communication network:

a) providing a central server having a database;

b) publishing content metadata from a content provider to the central server;

c) providing a billing center server, communicably coupled to the central server;

d) reporting billing information from a caching server to the billing center server;

e) providing a provisioning database, coupled to the central server;

f) updating the provisioning database with consumer information; and

g) using a key management protocol to securely transfer data during any one or more of step b), step d), and step f).

23. The protocol of claim 22 wherein

the key management protocol comprises

forwarding a key request message for requesting a session key; and

receiving a key reply message for providing a session key.